0d46311d4b5b20746fbeaeb16f00ef265c254fa6f81b564640c015232f83252e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 23:20

Target

Built.exe
Size

7.5MB
MD5

4faed207c50d4b3ef6aabdac60bdda2c
SHA1

fc111cca12c342ffb2e56150ee68b01b41b6e8ed
SHA256

0d46311d4b5b20746fbeaeb16f00ef265c254fa6f81b564640c015232f83252e
SHA512

5dbd6959bde2caf57c49fad80972a9117208c2da00cdd0a7a74d00348e3a41076bc92626e49d0e3bd59476b1ef21b73dbd967a3e15a6e1535b29a8384690c0de
SSDEEP

196608:owhBGurErvI9pWjg/Qc+4o673pNrabenyzWGPMYnN9si:ZGurEUWjZZ4dDLIeyzWGPTNCi

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2256	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019438-21.dat	upx
behavioral1/memory/2256-23-0x000007FEF6050000-0x000007FEF6715000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2256	2060	Built.exe	31
PID 2060 wrote to memory of 2256	2060	Built.exe	31
PID 2060 wrote to memory of 2256	2060	Built.exe	31

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2256

C:\Users\Admin\AppData\Local\Temp\_MEI20602\python312.dll

Filesize
1.7MB

MD5
eb02b8268d6ea28db0ea71bfe24b15d6

SHA1
86f723fcc4583d7d2bd59ca2749d4b3952cd65a5

SHA256
80222651a93099a906be55044024d32e93b841c83554359d6e605d50d11e2e70

SHA512
693bbc3c896ad3c6044c832597f946c778e6c6192def3d662803e330209ec1c68d8d33bd82978279ae66b264a892a366183dcef9a3a777e0a6ee450a928268e2

Download Submit
memory/2256-23-0x000007FEF6050000-0x000007FEF6715000-memory.dmp

Filesize
6.8MB

Download